Cyber risk services


Deloitte's Information & Technology Risk practice helps organizations to deal with issues related to business processes, technology, operational and financial risks. Our aim is to enable clients to measure, manage and control risk and thereby to enhance the reliability of processes and systems across the board.
We combine an understanding of business and industry issues with technology, audit and security expertise. This allows us to determine the real business impact of risks and to frame our findings and recommendations in a business context. A number of our professionals possess CISA and CISSP certifications.


To reduce the risk of fraud and unauthorized transactions, no single individual should have control over two or more parts of a process. This is a segregation (or separation) of duties. A simple example would be an assistant in the accounts department who has been assigned access both to amend supplier master file details and to make payments, which could lead to fraud, as an individual could create a supplier and process fraudulent payments to themselves. From experience, most segregation of duties issues occur because an organization has not taken a risk-managed approach to designing processes. There is frequently a lack of focus and attention given to the design, operation and monitoring of segregation of duties within organisations.

Implementation or optimization of SAP controls through automation and rationalization to streamline existing controls or implement automated control solutions.

Implementation support for SAP GRC Access Control.

Segregation of duties in ERP systems

Organizations must implement and maintain a security management framework, aligning people, process and technology, to survive in today’s competitive market and comply with external requirements.

Our services:

Assessment of the current state of information security against the requirements of the Central Bank of Russia’s security standard and Law of the Russian Federation “On Personal Data”, PCI DSS, ISO27000 and others.

Risk assessment, development of information security strategies, business cases and implementation roadmaps.

Information security compliance

The need to provide continuity of service has never been greater, as more and more organizations operate 24/7 and depend increasingly on technology to conduct business.

Increasing stakeholder and regulatory expectations demand an approach that gives equal consideration to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.

Our services:

Business impact and current state analysis

Management of your business continuity program

Development of business continuity plans

Business continuity testing and training

Business continuity & resilience

All organizations hold sensitive data that customers, business partners, regulators, shareholders and the board expect them to protect. Despite this, high profile security breaches involving personal and corporate data continue.

The impact of regulatory intervention combined with negative publicity and public perception is prompting organizations to take immediate measures to understand the sensitive information they hold, how it is controlled and how to prevent it from being leaked.

Our services:

Information flow analysis to understand how the organization currently manages sensitive information, where that information is stored, who is using it and how it is processed

Assessment of the likelihood and impact of information loss

Review of how the information is handled and the controls in place

Development of remediation plans

Assistance with the selection and implementation of an automated DLP solution

Information leakage prevention

Contacts

Director, Risk Advisory

Denis leads the innovative technology and business automation risk advisory practice at Deloitte CIS, helping clients streamline their business processes and increase the potential of solutions implem...

Senior Manager, ERS

Alexey joined Deloitte in 2011. He holds a Degree in Finance and Credit. His key areas of expertise are in SAP systems and automated controls in business processes, segregation of duties in automated ...

Senior Manager, Risk Advisory

Anatoly has many years of experience in IT and information security project management. Anatoly specializes in the improvement of internal control over information security, improvement of the maturit...

Senior Manager, Risk Advisory

Andrey has been with Deloitte since 2015, and has more than seven years of experience in consulting services. Andrey focuses on the design, development and improvement of internal controls over busine...

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.